Page 14 of 106 results (0.002 seconds)

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-19597

https://notcve.org/view.php?id=CVE-2018-19597

CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798. CMS Made Simple 2.2.8 permite Cross-Site Scripting (XSS) mediante un documento SVG manipulado. Este problema está relacionado con CVE-2017-16798. • https://github.com/security-breachlock/CVE-2018-19597/blob/master/cmssms.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-18270

https://notcve.org/view.php?id=CVE-2018-18270

XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action. Existe Cross-Site Scripting (XSS) en CMS Made Simple 2.2.7 mediante el parámetro m1_news_url en una acción "Content-->News-->Add Article" en admin/moduleinterface.php. • https://github.com/cmsmadesimple/cmsmadesimple-2-0/issues/12 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-18271

https://notcve.org/view.php?id=CVE-2018-18271

XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action. Existe Cross-Site Scripting (XSS) en CMS Made Simple 2.2.7 mediante el parámetro m1_extra en una acción "Content-->News-->Add Article" en admin/moduleinterface.php. • https://github.com/cmsmadesimple/cmsmadesimple-2-0/issues/13 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-10515

https://notcve.org/view.php?id=CVE-2018-10515

In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be present in the extracted ZIP archive. En CMS Made Simple (CMSMS) hasta la versión 2.2.7, la operación "file unpack" en el dashboard de administrador contiene una vulnerabilidad de ejecución remota de código explotable por un usuario administrador debido a que puede haber un archivo .php en el archivo ZIP extraído. • https://github.com/itodaro/cmsms_cve/blob/master/README.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-10521

https://notcve.org/view.php?id=CVE-2018-10521

In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory. En CMS Made Simple (CMSMS) hasta la versión 2.2.7, la operación "file move" en el dashboard de administrador contiene una vulnerabilidad de movimiento de archivos arbitrarios que puede provocar una denegación de servicio (DoS), explotable por un usuario administrador, debido a que config.php puede moverse a un directorio incorrecto. • https://github.com/itodaro/cmsms_cve/blob/master/README.md • CWE-434: Unrestricted Upload of File with Dangerous Type •